Ethical Hacking News
A critical vulnerability in the LiteSpeed cPanel plugin has been identified and flagged by CISA, prompting Federal agencies to apply patches by June 18, 2026. This privilege escalation flaw allows attackers with FTP or web shell access on shared hosting servers running CloudLinux or CageFS to escalate privileges to root.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical vulnerability in the LiteSpeed cPanel plugin with a CVSS score of 8.5. The vulnerability, CVE-2026-54420, allows users to escalate their privileges to root on shared hosting servers running CloudLinux or CageFS. Affected companies must upgrade to LiteSpeed WHM Plugin v5.3.2.1 (bundled with cPanel plugin v2.4.8) or higher. Regular patch management, employee education, and robust cybersecurity protocols are essential to protect against emerging threats like this.
The cybersecurity landscape has been thrust into the spotlight once again as a critical vulnerability in the LiteSpeed cPanel plugin has been identified and flagged by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The agency has added this security flaw, denoted as CVE-2026-54420 with a CVSS score of 8.5, to its Known Exploited Vulnerabilities (KEV) catalog, compelling Federal Civilian Executive Branch (FCEB) agencies to apply the necessary patches by June 18, 2026.
This vulnerability is classified as a privilege escalation flaw: it allows users with FTP or web shell access on shared hosting servers running CloudLinux or CageFS to escalate their privileges to root. An attacker therefore gains root-level access to the whole host rather than just the compromised account, undermining the isolation between tenants that shared hosting depends on.
The vulnerability stems from the mishandling of symlinks created by users with FTP or web shell access on shared hosting servers running CloudLinux/CageFS. LiteSpeed has been urged by CISA to run the command `grep -rE 'cpanel_jsonapi_func=(generateEcCert|packageUserSize)|cert_action_entry .*geneccert' /usr/local/cpanel/logs/ /var/cpanel/logs/ 2>/dev/null` to check whether their servers are affected. If the command prints nothing, the server has not been impacted by this issue. If it prints any output, additional indicators have been shared with users to rule out false positives.
Administrators must upgrade to LiteSpeed WHM Plugin v5.3.2.1 (bundled with cPanel plugin v2.4.8) or higher to patch this vulnerability. Namecheap has been credited with bringing the issue to LiteSpeed's attention, underscoring the importance of continuous vigilance and collaboration between cybersecurity agencies and companies in protecting against emerging threats.
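The log check above, as an added Python example (not code from CISA, LiteSpeed or the advisory): it applies the page's grep pattern to cPanel log files with the same case-sensitive, error-tolerant semantics as `grep -rE ... 2>/dev/null`, and compares an installed plugin version against the fixed release. The log lines, usernames and domain in `SAMPLE_LOG` are constructed for the demonstration.

```python
import os
import re

# Pattern from the advisory's grep check quoted on the page; grep -E is
# case-sensitive and so is this regex.
INDICATOR_RE = re.compile(
    r"cpanel_jsonapi_func=(generateEcCert|packageUserSize)|cert_action_entry .*geneccert"
)
LOG_DIRS = ("/usr/local/cpanel/logs/", "/var/cpanel/logs/")  # directories the page's grep walks
FIXED_WHM_PLUGIN = (5, 3, 2, 1)  # fixed LiteSpeed WHM Plugin version named on the page

def parse_version(text):
    """'v5.3.2.1' -> (5, 3, 2, 1); tuples compare component-wise."""
    return tuple(int(part) for part in text.strip().lstrip("v").split("."))

def is_patched(installed):
    """True when the installed WHM plugin is at or above the fixed version."""
    return parse_version(installed) >= FIXED_WHM_PLUGIN

def find_indicators(lines, source="<memory>"):
    """Return (source, line_no, text) for every line the advisory pattern matches."""
    return [(source, n, line.rstrip("\n"))
            for n, line in enumerate(lines, 1) if INDICATOR_RE.search(line)]

def scan_log_dirs(dirs=LOG_DIRS):
    """Recursive, error-tolerant walk equivalent to the page's grep -rE ... 2>/dev/null."""
    hits = []
    for root in dirs:
        for dirpath, _, names in os.walk(root):  # yields nothing if root is missing
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    with open(path, errors="replace") as fh:
                        hits.extend(find_indicators(fh, path))
                except OSError:
                    continue  # unreadable file: skip it, as 2>/dev/null hides the error
    return hits

def triage(hits):
    """Page's reading of the output: empty means not impacted, anything else needs review."""
    return "no indicators found" if not hits else f"{len(hits)} line(s) to review"

# Constructed sample log lines (not real cPanel logs) to exercise the check offline.
SAMPLE_LOG = [
    "2026-06-17 10:01:02 cpanel_jsonapi_func=listpkgs user=alice",
    "2026-06-17 10:02:15 cpanel_jsonapi_func=generateEcCert user=bob",
    "2026-06-17 10:03:40 cert_action_entry ssl geneccert domain=example.invalid",
    "2026-06-17 10:04:00 cpanel_jsonapi_func=packageUserSize user=carol",
]
```

A hit from `triage` is only a prompt to compare the matching lines against the additional indicators LiteSpeed shared, not confirmation of compromise.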
This critical vulnerability serves as a stark reminder of the need for companies to prioritize their security posture through regular patch management, employee education, and the adoption of robust cybersecurity protocols. As we continue down this trajectory of ever-evolving threats, it is imperative that organizations stay abreast of these developments and take swift action to protect themselves against such attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Flags-Critical-Vulnerability-in-LiteSpeed-cPanel-Plugin-Exploited-for-Root-Privilege-Escalation-ehn.shtml
https://thehackernews.com/2026/06/cisa-flags-litespeed-cpanel-plugin-flaw.html
Published: Thu Jun 18 00:09:34 2026 by llama3.2 3B Q4_K_M